1. Continuously monitoring your users, network activity and assets for vulnerabilities, malware and bad behavior (users using risky/vulnerable software, sending information over the internet in clear text, clicking on phishing links, etc.) is absolutely necessary because firewalls and traditional anti-virus software are not enough.

SecuritySolutionsWatch.com: Thank you for joining us again today, Scott. The Managed Service Provider (MSP) environment seems to present very challenging cybersecurity considerations… network intrusions and cyber threats are on the rise. Please give us an overview of this particular space.

Scott Suhy: Let’s face it, up to now enterprise security has been expensive. Small and Medium Businesses (SMBs) tend not to deploy enterprise security platforms given the investment required. In the past, Managed Services Providers (MSPs), who support the SMBs, did not offer more than managed anti-virus and firewall management because investing in security talent and installing enterprise security technology (SIEM, NIDS, HIDS, Vulnerability Scanning, etc.) put their price points above the market they were serving. Some MSPs tried working with companies like SecureWorks and AlienVault, who promote MSP programs, but found out the hard way that the business model doesn’t work for their customer base. However, Managed Detection and Response (MDR) service providers like NetWatcher are changing this dynamic and making enterprise security affordable for the SMB and easy to deploy for the MSP (with literally no upfront investment).

Most SMBs and MSPs have deployed a security stack that includes Anti-Virus/Firewall/Secure DNS/WAF/Secure email — these components, combined with a Remote Management and Monitoring (RMM) platform, are generally inexpensive, easy to deploy and add great value. However, in today’s environment this isn't enough.

This is why the Fortune 5000 enterprise accounts have been using a stack that includes Network Intrusion Detection (NIDS), Host Intrusion Detection (HIDS), Vulnerability Scanning, Security Information and Event Management (SIEM) and Active Threat Intelligence for over 10 years. This is also why most of the security mandates, such as the HIPAA Security Rule, the GLBA Safeguards Rule, PCI-DSS, FINRA, NIST 800-171, NYCRR 500 from NY State DFS, etc., all call out the need for some or all of this technology along with all the appropriate policies and procedures necessary to secure a customer’s data. This is also why most Fortune 5000 companies are mandating that their suppliers use an enterprise security stack. Most large corporations know that their suppliers have their data (third party law firms have contracts and patent data, accountants have tax data, application developers have code, data entry firms have customer data, etc.) and they want those suppliers to have the same protections that they have deployed. In fact, some of the compliance requirements such as HIPAA require that healthcare providers push the liabilities down to their suppliers via Business Agreements (BAA). The new DFARS 252.204.7012 requirement for Department of Defense contractors has similar requirements.

So, the million-dollar question is… if customers are demanding their supply chain have an enterprise security stack and industry compliance mandates an enterprise stack what are MSPs supposed to do if they can’t afford the tools and they can’t find/afford the security talent to run enterprise security tools?

This is why we built NetWatcher! There is a giant opportunity here for MSPs at the moment. If you look at each vertical by employee size and count up the number of companies that fit into each just in the USA, the numbers are staggering. All of these organizations are moving to a more advanced security footprint over the next several years. You also know that they will first look to their MSP partner to provide the advanced stack and if you can’t provide it, they will find an MSP that can provide the stack and manage it for them.

We built NetWatcher to enable MSPs to easily offer their own Security Monitoring / Managed Security / Managed Detection and Response service. We designed and built NetWatcher from the ground up for SMBs and MSPs. We built the service to be easy to install, easy to use for SMB/MSP IT professionals (not hard to find security analysts–although, analysts tend to love it too) and affordable. MSPs will also find the multi-tenant single pane of glass user interface where they can manage all their customers — and the ConnectWise integration very valuable.

SecuritySolutionsWatch.com: We understand that AlienVault is one of the leading solutions providers in this market… how does NetWatcher’s value proposition compare?

Scott Suhy: NetWatcher is a service where AlienVault is a product so at the end of the day you are comparing Apples and Oranges. However, we know that customers are faced with this choice — Managed Detection and Response with NetWatcher or buying a platform like AlienVault.

Did you ever hear the saying “Fast, good or affordable. Pick two.” Known as the Project Management Triangle. I don’t think it applies here–In this case I think you can have all 3.

#1. AlienVault’s pricing is on their Website. The big deal here is not the pricing of the platform (as both are comparable in price) but the price of the user of the platform. Many mid-market companies do not have security engineers and the AlienVault tool really requires this level of engineering proficiency–hence a dilemma. NetWatcher does not require you to have a team of very expensive security analysts (>100k/year) because we do the heavy lifting for you in our Security Operations Center (SOC). Which brings me to points ‘setup’ and ‘ease of use’ below. Also, keep in mind that buying software is a CAPEX versus OPEX event - your CFO will be happier.

#2. The AlienVault tool requires you to really understand Linux and systems administration. You can see it right in their documentation - it’s hard to set up. They offer some great ‘paid’ training that is quite pricey if you want to help turn your IT engineer into a Security Analyst. In contrast, the NetWatcher appliance (or Virtual Machine) is very easy to set up - just create a mirror port on your router or switch and hook us into it… If you want to install the NetAgent on endpoints you can but it’s not required (but recommended) and you can also point all your syslogs to the sensor as well for ingestion and advanced correlation.

#3. Ease of use. If you are in IT and have no advanced security expertise AlienVault is a stretch and is really going to require you to either hire a person that is qualified to use it, learn it yourself by going to training and dedicating a lot of time to understanding security or hire a third party MSP or MSSP to manage it for you. If you use NetWatcher you get a real time Security Health Score — what’s at risk now! …and a Cyber Promiscuity Score (CPS) – what’s my probability of attack in the future. Not only that, if you load the NetWatcher netagent on the endpoints you can get these scores for each endpoint in the organization.

#4. If you are a security analyst the AlienVault information is useful and understandable. However, in contrast the NetWatcher information is very clear and concise and we only tell you about an Alarm once and age it over a two week period whereas AlienVault tells you about the Alarm over and over and over and over…. Just in their demo they have online there are over 1000 open Alarms mostly for the same issues. If you want event fatigue you will get it with AlienVault.

#5. Usefulness to Security Analysts - Both the AlienVault tool and the NetWatcher service are great for security analysts. You can get at all the same data but the NetWatcher interface is just a lot easier to use. With NetWatcher you can also easily set up tripwires to alert you via SMS or email if that bad actor you have been looking for has been poking around. But–it’s important for me to point out here–there is a team of Security Analysts in the NetWatcher Secure Operations Center (SOC) doing this for you….

#6. Usefulness to the Managed Services Provider ‘MSP’. This is where the NetWatcher tool really shines. Most MSPs’ customers can’t afford an MSP’s service fees once they invest in AlienVault or tools like it. However, with NetWatcher the MSP does not have to pay any money until they sign a customer and make money and start the service. NetWatcher is the MSP’s tier II support and their SOC. NetWatcher analysts teach the MSP how to become a great MSSP along the way and there is no outlay of cash upfront.

Oh yea… there is this other cool little feature we should tell you about with NetWatcher… it’s our Sensor-in-the-Cloud. If you don’t want to deploy a sensor locally you don’t have to… your endpoints can use our Sensor-in-the-Cloud option. This is also great to turn on for endpoints that are on the network sometimes and off others (mobile workers). You want to know if your CXO let their kids play Minecraft and download unsafe JAR files on their corporate laptop while they were on vacation long before that asset ever hits the corp net.

How Does the WanaCry Ransomware Work?

The ransomware initially entered organizations via a phishing email message and then exploited a vulnerability (MS17-010) in Windows to spread within a network, locking down computers and asking victims to pay $300 via Bitcoin. The Windows vulnerability was leaked as part of the NSA Shadow Brokers hack and Microsoft soon after released a patch; however, many computers were not yet updated at the time of the attack.

What Should I do? What do NetWatcher Customers do?

Customers first need to ensure they are not vulnerable to the attack: NetWatcher Managed Detection & Response customers leverage a built-in vulnerability scanner that periodically scans their environment for vulnerabilities. If the customer was vulnerable to the new ransomware they would have seen the vulnerability titled “SMBv1 Unspecified Remote Code Execution (Shadow Brokers)” show up in their reports as a high severity issue and been warned that they needed to patch the Windows asset.

Customers need to continuously monitor their network: NetWatcher customers leverage a Network Intrusion Detection System (NIDS) that continuously monitors their internet-bound network traffic in case an issue like this is ever seen in the future.

NetWatcher’s NIDS uses many rulesets. Some of the best indicators are from the ProofPoint/Emerging Threats Open NIDS ruleset and are used as a correlation vector to detect a WanaCry ransomware attack. Example signatures are as follows:

· ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010

· ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)

· ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response

· ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray

NetWatcher’s cloud correlation service leverages these events (and many others) and creates Alarms when a threat like the WanaCry worm is detected. Most NetWatcher customers set themselves up to receive High Security Alarms via SMS so they never miss a critical Alarm. If WanaCry is detected a customer would see an email or SMS titled: “WanaCry (or WannaCry, WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) ransomware has been detected on XYZ asset!”

Ensure you’re monitoring your endpoints: NetWatcher’s endpoint Host Intrusion Detection (HIDS) and LOGS modules also add a high degree of value in producing events when ransomware is detected. The HIDS file integrity monitoring, rootkit detection and process monitoring events (as well as Windows security event log events) all aid the cloud correlation engine to determine what’s been exploited, how bad the exploit is and whether it is spreading. Any asset that is not on the corporate network and is running NetWatcher’s Sensor-in-the-Cloud™ endpoint could even be tracked remotely.

Respond quickly: Isolate any infected assets to prevent the malware from spreading.
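
The NIDS correlation step above, as an added example that is not NetWatcher's code or part of the original page: it groups alerts carrying the four signature names listed above by attacked asset, raises one alarm per asset, and flags an asset as spreading when it later appears as a source. The Suricata EVE JSON input format, the 5-minute window, the two-signature threshold and every sample event are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Signature names exactly as listed on the page (ET Open ruleset).
ETERNALBLUE_SIGS = {
    "ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010",
    "ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)",
    "ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response",
    "ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray",
}
WINDOW = timedelta(minutes=5)  # assumed correlation window
MIN_DISTINCT = 2               # assumed: distinct signatures needed for an alarm
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Constructed sample input (private addresses, not captured traffic).
SAMPLE_EVE = """\
{"timestamp":"2017-05-12T09:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"10.0.0.20","dest_port":445,"alert":{"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)"}}
{"timestamp":"2017-05-12T09:00:01.200000+0000","event_type":"alert","src_ip":"10.0.0.20","src_port":445,"dest_ip":"10.0.0.5","dest_port":49152,"alert":{"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Response"}}
{"timestamp":"2017-05-12T09:00:02.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":49152,"dest_ip":"10.0.0.20","dest_port":445,"alert":{"signature":"ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010"}}
this line is not JSON and must be skipped
{"timestamp":"2017-05-12T09:01:00.000000+0000","event_type":"dns","src_ip":"10.0.0.7","dest_ip":"10.0.0.1"}
{"timestamp":"2017-05-12T09:02:00.000000+0000","event_type":"alert","src_ip":"10.0.0.7","src_port":50000,"dest_ip":"10.0.0.20","dest_port":445,"alert":{"signature":"CONSTRUCTED unrelated signature"}}
{"timestamp":"2017-05-12T09:03:10.000000+0000","event_type":"alert","src_ip":"10.0.0.20","src_port":49200,"dest_ip":"10.0.0.31","dest_port":445,"alert":{"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray"}}
{"timestamp":"2017-05-12T09:03:11.000000+0000","event_type":"alert","src_ip":"10.0.0.20","src_port":49200,"dest_ip":"10.0.0.31","dest_port":445,"alert":{"signature":"ET CURRENT_EVENTS ETERNALBLUE Exploit M2 MS17-010"}}
{"timestamp":"2017-05-12T09:10:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","src_port":49300,"dest_ip":"10.0.0.40","dest_port":445,"alert":{"signature":"ET EXPLOIT Possible ETERNALBLUE MS17-010 Echo Request (set)"}}
"""


def parse(eve_text):
    """Yield (time, client, server, signature) for ETERNALBLUE alerts only."""
    for line in eve_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate truncated or corrupt log lines
        sig = ev.get("alert", {}).get("signature")
        if ev.get("event_type") != "alert" or sig not in ETERNALBLUE_SIGS:
            continue
        ts = datetime.strptime(ev["timestamp"], TS_FMT)
        # Response-side alerts come FROM the SMB server (TCP 445), so
        # normalise direction: the port-445 endpoint is the attacked asset.
        if ev.get("src_port") == 445:
            yield ts, ev["dest_ip"], ev["src_ip"], sig
        else:
            yield ts, ev["src_ip"], ev["dest_ip"], sig


def correlate(eve_text):
    """Return one alarm per attacked asset, oldest first."""
    by_pair = defaultdict(list)
    for ts, client, server, sig in parse(eve_text):
        by_pair[(client, server)].append((ts, sig))

    alarms = {}
    for (client, server), hits in by_pair.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            sigs = {s for t, s in hits[i:] if t - start <= WINDOW}
            if len(sigs) >= MIN_DISTINCT:  # a lone hit is too noisy to alarm on
                alarm = alarms.setdefault(server, {
                    "asset": server, "first_seen": start,
                    "sources": set(), "signatures": set(), "spreading": False,
                })
                alarm["sources"].add(client)
                alarm["signatures"] |= sigs
                alarm["first_seen"] = min(alarm["first_seen"], start)
                break

    # An alarmed asset that later attacks another alarmed asset is spreading.
    for alarm in alarms.values():
        alarm["spreading"] = any(
            alarm["asset"] in other["sources"]
            and other["first_seen"] >= alarm["first_seen"]
            for other in alarms.values()
        )
    return sorted(alarms.values(), key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVE):
        note = " and is SPREADING, isolate first" if a["spreading"] else ""
        print(f"HIGH: ETERNALBLUE activity against {a['asset']} "
              f"from {sorted(a['sources'])}{note}")
```

The source hosts named in each alarm are candidates for isolation too, since they generated the exploit traffic.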

What is NetWatcher?

NetWatcher is a 24x7 network and endpoint security monitoring service designed specifically for ease of use, accuracy and affordability. With NetWatcher you can reduce risk and support regulatory compliance security requirements. You get:

· An advanced, tightly integrated, security platform that only the Fortune 5000 could afford in the past

· Actionable threat intelligence on what malware exists in your enterprise and remediation guidance

· Visibility into the unintentional insider threat -- what your employees are doing on the network that is exposing the organization to exploit

· A Secure Operation Center with security analysts monitoring your data and reaching out to your team when necessary

· Easy to use customer portal designed for managers and IT, not for those hard to find security analysts, however you can go deep if you want…

· Real time scores for today’s security situational awareness picture and the risk of exploit in the future

SecuritySolutionsWatch.com: The massive Yahoo breach affecting over 1 billion people, the Amazon hack, concerns over cyber war with foreign governments, and other daily headlines, unfortunately remind us just how vulnerable we are in today’s constant threat environment. What are best practices for governments, utilities, and enterprises of all kinds, to be followed with this backdrop in mind?

Scott Suhy: Every company large or small has the same issue, the unintentional insider threat—employees (or contractors) inside the network doing things that open the network up for exploit (running risky/vulnerable software, sending data unencrypted over the internet, leaving holes in the firewall, etc.). If you lower the amount of security hygiene issues your organization has then you lower your risk of a serious breach. NetWatcher is a low cost way of doing the continuous monitoring necessary to not only meet compliance demands but to also lower an organization’s vulnerability to an unintentional insider threat.

NetWatcher opened up its FREE Managed Detection & Response (MDR) Platform from 1 user to 5 and turned on most of its features (including all of the widgets).

This is a great MDR solution for small offices and home networks.

· Secure VPN for all your internet traffic

o When you connect to an insecure network/WIFI all traffic is encrypted.

· Intrusion Detection in the Cloud

o When you connect to an insecure network/WIFI Intrusion Detection is active using the NetWatcher Cloud sensor.

· Active Threat Intelligence

o NetWatcher lets you know if you are being attacked and what to do to protect yourself—receive notifications (email) if your computer is under attack.

· Cyber Promiscuity Score

o NetWatcher warns you of any unintentionally risky online behavior that will lead to costly and time consuming intrusions, ransomware and cyber theft.

SecuritySolutionsWatch.com: Any new developments at NetWatcher, or recent headlines (Dyn, OVH?) you’d like to talk about?

NetWatcher listens to customers and pushes its NetWatcher “Score” down to all employees connecting to a customer’s network. At the end of the day security is an employee behavior issue—employees have to take responsibility to ensure their company is not exploited. Most employees are allowed to install software, run outdated software, click on phishing messages, go to nefarious websites and send personally identifiable information (PII) over the internet in clear text. These behaviors and many more result in companies getting exploited by bad actors that want to exploit the organization. NetWatcher has been doing a great job providing its customers with a real time score that shows how an organization is doing from a security perspective (an algorithm that takes into account how many assets have malware, how many users have poor security hygiene and how long those issues are allowed to exist)—now NetWatcher is pushing down the hygiene score to each individual on the network and calling it the user’s “promiscuity score™”. If you want to test out the NetWatcher platform you can easily download their free endpoint from their https://netwatcher.com website and score your own behavior—do it now before your behavior leads to your company getting exploited because of your activities.

Updated September 15, 2016

Scott Suhy, CEO, NetWatcher, told us, "We just launched into beta an endpoint that works both with locally deployed sensors when the user is on-premise and with our cloud sensor when the user is at home or at the coffee shop. We agree that all security is moving to the cloud but we also believe that there is a transition period. Our architecture supports detection and response locally for on-premise users and IOT devices and it also supports the mobile workforce when they are not local. Most SIEM/security providers only support on-premise. What is unique with the NetWatcher Cloud Endpoint? 2 big things. The one I already mentioned – it can work without local on-premise security infrastructure. The second area – We are offering a free version of the endpoint that anyone can download and use for no cost."

SecuritySolutionsWatch.com: Thank you for joining us today, Scott. Before discussing NetWatcher Solutions in greater detail, please tell us about your background.

Scott Suhy: Over the past 20 years I have had many amazing experiences that are contributing to my vision and plan for Netwatcher. Early in my career at Microsoft I rose from engineer to general manager of a large P&L. Afterwards I caught the entrepreneurial bug and started a company called PointAbout which we successfully sold to an international software development firm. These experiences provided me the skills to help grow Greenline into a profitable software company that we sold to an international defense contractor in 2013. Fast forward to today, where we have assembled a world-class team of security engineers to focus on one of the biggest market opportunities that is currently being ignored; how to protect small and medium sized enterprises, who are clearly in the sights of hackers, for a reasonable cost with a solution that is easy to use at a cost they can afford.

SecuritySolutionsWatch.com: One will read about NetWatcher that, “Through continuous network security monitoring, NetWatcher serves as a 24/7 watchdog for your data and network. Our team of cyber security experts monitor your network and provide the managed security services you need to grow your business.” Please give us an overview of the solution NetWatcher delivers.

Scott Suhy: Executive staff of companies, board members and those with confidential company (and government) data use smartphones, tablets and laptops that go between work, home networks and public Wi-Fi, leaving their company data as a prime target. Bad actors know this and are using this soft underbelly to exploit infrastructure of larger companies via their supply chain.

For the last ten plus years Fortune 5000 organizations have been installing security software, creating governance models and hiring security professionals to fend off cyber related attacks on their companies. However, companies in the Small to Medium Enterprise market (SME) have been doing almost nothing to defend their infrastructure from malicious bad actors. In general, they can’t afford the protection (security products are expensive), they can’t hire the cyber security talent and their executives do not understand the problem or make it a company priority.

We built NetWatcher from the ground up to solve the problem of the SME who need a tool that is

Easy to install and use;

Accurate (drastically minimize false positives and noise); and

Affordable.

If we solved these key goals, we would be able to accomplish the mission of bringing enterprise security to the millions of businesses beyond the Fortune 5000. NetWatcher tightly couples Intrusion detection, netflow monitoring, active scanning, end point protection and event management with an advanced correlation engine that both detects malicious exploits and also highlights what users are doing that has opened the company up to exploit.

SecuritySolutionsWatch.com: We understand that small and medium Enterprises (“SMEs”) with under 1000 employees are your key target market. What is your perspective, Scott, regarding the unique value proposition that NetWatcher delivers in this space?

Scott Suhy: When we designed NetWatcher we designed it for the small to medium enterprise market but we wanted to be able to scale it to any size network over time. NetWatcher today can work in any size network, however, there is so much need for us in the SME market that it is where we are focused at the moment. SMEs can’t afford the technologies being used by the Fortune 5000 and if they could, they can’t afford to hire the security analysts to run these complex tools. NetWatcher is easy to use, easy to install, easy to understand and highly-accurate so users are not dealing with a lot of nonsense alerts. We only tell the business what they want to know…where are my problems and what do I do to fix them.

SecuritySolutionsWatch.com: You mentioned a couple of times that NetWatcher is very easy to use. Most security tools are designed for technical people, can you give us an example of how you are making security easy for anyone to use?

Scott Suhy: One example is our iPhone application. The app provides businesses with a real time snapshot of their overall network security, allowing them to access their user portal on-the-go. The app also features an overview of the user’s NetWatcher Score, which shows real-time vulnerability levels and how susceptible their company is to an attack. Based on the score the app recommends if action needs to be taken to secure the network and enables companies to resolve issues before a breach even occurs.

SecuritySolutionsWatch.com: Beyond SMEs, how could large enterprises benefit from NetWatcher?

Scott Suhy: We see two areas of the enterprise that would be ideal candidates to deploy NetWatcher – branch offices and franchises. In regards to branch offices, most CIO/CISOs of large organizations have many buildings to cover across different geographies. While they often focus on the headquarters, they often don’t have the resources or budget to support branch offices. NetWatcher is a very cost effective option for providing enterprise level security to all those offices. In regards to franchises, most franchises cannot afford more than a firewall and antivirus software. We offer a low cost / high value option to put enterprise security in each of those locations that can be either managed individually or all as one.

SecuritySolutionsWatch.com: We read with great interest this compelling feedback from one of your customers, "NetWatcher gives us peace of mind with regular monitoring of outside threats. This lets me focus on our customers and development priorities instead of trying to figure out every possible security threat.” This is indeed quite impressive from the CEO at Avizia, Mr. Mike Baird. Care to elaborate on this and any other of your success stories?

Scott Suhy: Security is an expense much like liability insurance. It is necessary but it’s not going to make your company more money. It may save your business or your job, but it’s not a profit center. Our customers like us because we offer an affordable solution for the SME market that is easy to use and offers all the elements of an advanced Fortune 5000 solution. Before NetWatcher, the only thing these companies could afford was Anti-Virus software and a Firewall. Now they have access to a real-time continuous monitoring solution operating 24 hours a day, 7 days a week. This provides peace of mind to allow them to focus on operating their business.

SecuritySolutionsWatch.com: Can we discuss the IoT environment for a moment? The daily headlines tell us that the bad guys are always looking for the weakest link into the network. What does NetWatcher offer to the company leveraging IoT solutions?

Scott Suhy: Because of where NetWatcher sits behind the firewall, we see all the traffic going over a company’s internet connection. This allows us to monitor for issues on devices connected to the network, including smartphones, copiers, boardroom televisions, and cameras – essentially anything with a TCP/IP address.

Unintentional Insider Threats (UITs) seem to be a fast growing and major issue today as employees/users might innocently click on phishing messages, visit nefarious websites, run risky/outdated software, connect to an unsafe WIFI, or fall into any number of other traps.

SecuritySolutionsWatch.com: What are your thoughts Scott regarding “best practices” that should be followed in this environment?

Scott Suhy: The Unintentional Insider Threat (UIT) is the biggest security issue corporations face today. Users, sometimes knowingly but more often than not unknowingly, are putting their organization at risk through a variety of actions such as clicking on phishing messages, going to nefarious websites, running risky software (TOR/BitTorrent), running outdated software (Java, Flash), using “HTTP” versus “HTTPS”, connecting to unsafe WIFI’s, connecting personal assets like phones/tablets to the corporate WIFI, allowing children to play games like Minecraft on corporate assets (laptops), etc. NetWatcher helps organizations detect all of these hygiene issues that open an organization up for exploit.

SecuritySolutionsWatch.com: Generally speaking….do CEO’s at SME’s “get it”? Are there some common misconceptions you have encountered when speaking to these CEO’s about the threat landscape?

Scott Suhy: There are three distinct types of organizations that we are seeing. The first consists of those company CEOs who deal with regulatory compliance (FINRA, PCI-DSS, HIPAA etc...). These organizations contain those CEOs who are being pushed by their customers to have the same level of security as they do in order to keep their business. This group contains all the CEOs who have experienced a serious cyber-attack. This camp is looking for a solution like NetWatcher.

The second type of organization is the law firms, accounting/tax firms and anyone that does business with a bank. These organizations are being asked by their customers to get more secure and to invest in a continuous monitoring solution. This camp is also looking for a solution like NetWatcher.

On the other side of the coin we are seeing organizations that will eventually be exploited soon. These organizations don’t know it yet, but in the future they will be looking for a solution that is easy to use, accurate, and affordable like NetWatcher—it’s just a matter of time.

SecuritySolutionsWatch.com: It seems to us that especially in today’s environment, with well-publicized breaches at Home Depot, JP Morgan, Target, and even at the IRS, that good cyber security is actually a good new business enabler as well. Your thoughts, Scott?

Scott Suhy: If you take the time to ensure you have both the technology and the process to protect your company, you will be both more successful and more secure, and that leads to less risk and more revenue opportunity.

SecuritySolutionsWatch.com: The “Family Office” seems to present particularly vulnerable scenarios for the bad actors to get in? Would you agree?

Scott Suhy: In the fact that a “family office” represents a business with assets and networks of similar size as many small organizations, a family office is definitely vulnerable and therefore could benefit tremendously from Netwatcher. Beyond that, for corporate executives and board members, Netwatcher is well designed to protect their business and family information.

SecuritySolutionsWatch.com: NETWORK ALLIANCE is quite an impressive strategic partner. Want to elaborate for us about them and any other NetWatcher strategic relationships?

Scott Suhy: Network Alliance is one of our best Managed Services Provider (MSP) partnerships as they can now serve their customers as an MSSP (Managed Security Services Provider). We have MSP partners all over the country and we are now starting to work with MSPs in Canada. If I had to call out one new relationship that would be with end-point provider Triumfant. We’ve tightly integrated Triumfant’s end-point events into our advanced correlation engine (which is a critical component of the NetWatcher service) and this is working out well for our MSP partners and their customers.

SecuritySolutionsWatch.com: Thanks again for joining us today, Scott. Are there any other subjects you would like to discuss?

Scott Suhy: Executives need to take the time to educate themselves on the real threat. I think they are tired of hearing all the fear mongering and therefore are reluctant to take action. The reality is that there are tools available to anyone that can be very damaging to corporations. Let’s take Shodan as an example. It is a search engine that lets the user find specific types of computers (routers, servers, etc.) connected to the internet. A quick search for “default password” reveals printers, servers and system control devices that use “admin” as their user name and “1234” as their password. Many more connected systems require no credentials, and all you need is a Web browser to connect to them. This is a hacker’s paradise. So if it’s this easy to find companies to exploit just because those companies did not update their firmware or change their default passwords, you can imagine how vulnerable the majority of organizations are.